It's been a long time since I last posted on EHNet. Some of you might remember me and some might not. To cut the long story short, I got selected in one of the best universities of my country for MS and currently pursuing research in IT Security.

For one of my research projects I need obfuscated javascript samples: both malicious and harmless. I was thinking if I could get samples from any of the EHNet members or if any of you could direct me to some resource where I could get the samples.

If you want to share samples, kindly message me on EHNet and I will provide you my email address.

Note: Please do not ask for my email if you have only 1-2 posts here on EHNet. I will only provide the email to members I trust or members I can trust.

@hayabusa Thanks. I highly appreciate it, The thing is that I need not one or two but a few thousand samples found in the wild. Generating them individually would consume a lot of time. That's why I was asking if someone already has a database maybe they could share it.

I'm not sure if there's a definitive source of a few thousand examples, that anyone can point you to, offhand... But if they can, I'd be interested to see that, too, if for not other reason than to study 'other' methods that I haven't seen.

Edit - looking for that many, might I assume your project is to try to create some sort of tool to spot them?

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

If I'm wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I've no affiliation with the service but it couldn't hurt to get in touch with the team there to see if they're willing/able to provide access to some of their samples?

Alternatively, some of Wepawet's reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I've not read their Ts&Cs so use at your own risk, but a quick Google Dork of:

site:wepawet.iseclab.org intitle:report inurl:'type=js'

is currently returning >15k results

Unfortunately Wepawet's report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.

Hope this helps, good luck with your project.

Last edited by RoleReversal on Tue Sep 25, 2012 5:55 pm, edited 1 time in total.